CVE-2007-2747
Published 2007-05-17
Priority: P4 30 | medium | 5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 3.51% (87.7th percentile)
Directory traversal vulnerability in rdw_helpers.py in rdiffWeb before 0.3.5.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter to the /browse URI.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| rdiffweb | rdiffweb | <= 0.3.5 | — |
| rdiffweb | rdiffweb | — | — |
| rdiffweb | rdiffweb | — | — |
| rdiffweb | rdiffweb | — | — |
| rdiffweb | rdiffweb | — | — |
| rdiffweb | rdiffweb | — | — |
No detection rules found.
No writeups or analysis indexed.
http://osvdb.org/36519
http://secunia.com/advisories/25368
http://www.rdiffweb.org/wiki/index.php?title=Roadmap#Version_0.3.5.1
http://www.securityfocus.com/bid/24092
http://www.vupen.com/english/advisories/2007/1775
https://exchange.xforce.ibmcloud.com/vulnerabilities/33734
https://lists.berlios.de/pipermail/rdiffweb-discuss/2007-March/000100.html